Creates a virtual NIC, acquires an IP address from the DHCP, sets up the Squid Proxy for outgoing connection, and checks conectivity's to TARGET websites, if connection to the TARGET is lost, Repeat!
Created
August 6, 2016 10:59
-
-
Save taesiri/f942bd635becd5a3b00ae7f20aab40f9 to your computer and use it in GitHub Desktop.
EvilNIC
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| ip link del evilnic | |
| ip link add dev evilnic link ens32 type macvlan | |
| ip link set evilnic up | |
| dhclient evilnic | |
| IPADDRS="$(/sbin/ifconfig evilnic | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}')" | |
| rm /etc/squid/squid.conf | |
| cp squid.conf /etc/squid/squid.conf | |
| echo "acl portA myport 3128" >> /etc/squid/squid.conf | |
| echo "acl portB myport 3129" >> /etc/squid/squid.conf | |
| echo "http_port 3128" >> /etc/squid/squid.conf | |
| echo "http_port 3129" >> /etc/squid/squid.conf | |
| echo "tcp_outgoing_address 192.168.1.2 portA" >> /etc/squid/squid.conf | |
| echo "tcp_outgoing_address $IPADDRS portB" >> /etc/squid/squid.conf | |
| service squid reload |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| while true | |
| do | |
| echo 'Checking Connectivity!'; | |
| IPADDRS="$(/sbin/ifconfig evilnic | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}')" | |
| if [ -z "$IPADDRS" ] | |
| then | |
| echo "Lost IP!" | |
| sh ./ip_evil.sh | |
| fi | |
| OUTPUT="$(curl -Is http://TARGET.com --connect-timeout 5 --interface $IPADDRS | head -1)" | |
| if [ -z "$OUTPUT" ] | |
| then | |
| echo 'BLOCKED!' | |
| sh ./ip_evil.sh | |
| fi | |
| sleep 5 | |
| done |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| http_port 3128 | |
| refresh_pattern ^ftp: 1440 20% 10080 | |
| refresh_pattern ^gopher: 1440 0% 1440 | |
| refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 | |
| refresh_pattern . 0 20% 4320 | |
| acl manager url_regex -i ^cache_object:// +i ^https?://[^/]+/squid-internal-mgr/ | |
| acl localhost src 127.0.0.1/32 ::1 | |
| acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 | |
| acl localnet src 10.0.0.0/8 # RFC 1918 possible internal network | |
| acl localnet src 172.16.0.0/12 # RFC 1918 possible internal network | |
| acl localnet src 192.168.0.0/16 # RFC 1918 possible internal network | |
| acl localnet src fc00::/7 # RFC 4193 local private network range | |
| acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines | |
| acl SSL_ports port 443 | |
| acl Safe_ports port 80 # http | |
| acl Safe_ports port 21 # ftp | |
| acl Safe_ports port 443 # https | |
| acl Safe_ports port 70 # gopher | |
| acl Safe_ports port 210 # wais | |
| acl Safe_ports port 1025-65535 # unregistered ports | |
| acl Safe_ports port 280 # http-mgmt | |
| acl Safe_ports port 488 # gss-http | |
| acl Safe_ports port 591 # filemaker | |
| acl Safe_ports port 777 # multiling http | |
| acl CONNECT method CONNECT | |
| http_access allow manager localhost | |
| http_access deny manager | |
| http_access deny !Safe_ports | |
| http_access deny CONNECT !SSL_ports | |
| http_access allow localhost | |
| http_access allow localnet | |
| http_access deny all | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment